6) Claim(s) 1-8 and 10-19 is/are rejected.
Art Unit: 2131

This action is in response to the communication filed on 1/22/2007.

DETAILED ACTION

In view of the Appeal Brief filed on 1/22/2007, PROSECUTION IS HEREBY REOPENED. New grounds of rejection are set forth below.

To avoid abandonment of the application, appellant must exercise one of the following two options:

(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 CFR 1.113 (if this Office action is final); or,

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 followed by an appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth in 37 CFR 41.20 have been increased since they were previously paid, then appellant must pay the difference between the increased fees and the amount previously paid.

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by signing below:

Claims 1-8, and 10-19 have been examined and claim 9 has been cancelled.

All objections and rejections not set forth below have been withdrawn.
Response to Arguments

Applicant's arguments, see Appeal Brief, filed 1/22/2007, with respect to the rejection(s) of the claim(s) in view of Fielder et al. have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Mills, as presented below.

Claim Objections

Claim 4 is objected to because of the following informalities: Claim 4 recites the limitation "the user device" which lacks antecedent basis in the claim. For purposes of searching prior art the examiner will assume the limitation was meant to read "a user device". Appropriate correction is required.

Claim Rejections - 35 USC §103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1, 5-8, 10-11, and 13-19 are rejected under 35 U.S.C. 103(a) as being unpatentable over Mills (US Patent Number ,991,405), and further in view of Lamport, Leslie (Password Authentication with Insecure Communication) hereinafter referred to as Lamport.

Regarding claims 1, 18, and 19, Mills disclosed a method for validating a client device (Cellular Phone) by a server device (HLR), said method comprising the steps of: generating a shared unpredictable secret (See Mills Fig. 1 and Col. 5 Paragraph 3 "update the encryption key"); storing the shared unpredictable secret in the client device and in the server device (See Mills Fig. 1 and Col. 5 Paragraph 3); requiring the client device to authenticate itself to the server device as a precondition to the server device validating the client device (See Mills Col. 4 Lines 34-50); and replacing the shared unpredictable secret by a new shared unpredictable secret when the server device validates the client device (See Mills Fig. 1 and Col. 7 Paragraph 3), wherein: the server device sends update data to the client device (See Mills Fig. 1 Message 10 SSD and Col. 6 Lines 35-58); the client device applies the update data to the shared unpredictable secret to generate a new secret (See Mills Col. 7 Paragraph 3); and the client device replaces the shared unpredictable secret with the new secret (See Mills Col. 7 Paragraph 3), but Mills fails to disclose the specifics of the authentication, including the client proving the holding of a correct secret. Mills does disclose use of the new secret (new shared encryption key) in authentication (See Mills Col. 7 Paragraph 3).

Lamport teaches a method of authentication in which for some fixed word V, a one-way function F(x) is applied a predetermined number of times to V, which is then sent to a system to prove authenticity through knowledge of V, and the system verifies the received F(x) in order to authenticate the user (See Lamport page 771 Col. 1 - Col. 2 Paragraph 1).
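
As an added illustration (not part of the Office action or of the cited references), the Lamport one-time password scheme summarized above can be sketched as follows. SHA-256 standing in for the one-way function F, the chain length, and the class and function names are all assumptions made for this example.

```python
import hashlib
import hmac


def F(x: bytes) -> bytes:
    """One-way function F; SHA-256 is an assumed stand-in."""
    return hashlib.sha256(x).digest()


def iterate(v: bytes, n: int) -> bytes:
    """Return F applied n times to v, i.e. F^n(v)."""
    for _ in range(n):
        v = F(v)
    return v


class Server:
    """Holds only F^n(V); never learns the fixed word V itself."""

    def __init__(self, verifier: bytes):
        self.verifier = verifier

    def authenticate(self, proof: bytes) -> bool:
        # A valid proof is the preimage of the stored value under F.
        if hmac.compare_digest(F(proof), self.verifier):
            self.verifier = proof  # next login must present F^(n-2)(V)
            return True
        return False


class Client:
    """Holds V and counts down the remaining one-time passwords."""

    def __init__(self, v: bytes, n: int):
        self.v, self.remaining = v, n

    def next_proof(self) -> bytes:
        if self.remaining <= 0:
            raise RuntimeError("chain exhausted; re-register with a new V")
        self.remaining -= 1
        return iterate(self.v, self.remaining)


def demo():
    v, n = b"constructed-fixed-word-V", 5  # constructed sample values
    server, client = Server(iterate(v, n)), Client(v, n)
    p1 = client.next_proof()
    first = server.authenticate(p1)      # fresh proof F^4(V)
    replay = server.authenticate(p1)     # captured proof sent again
    second = server.authenticate(client.next_proof())  # F^3(V)
    return first, replay, second
```

A captured proof fails on replay because the server has already advanced its stored value one step down the chain.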

It would have been obvious to the ordinary person skilled in the art at the time of invention to employ the teachings of Lamport in the phone system of Mills by utilizing the one-time password scheme in order to authenticate the phone as required by Mills. This would have been obvious because the ordinary person skilled in the art at the time of invention would have been motivated to provide a robust manner of authenticating the cellular phone to the HLR. It further would have been obvious in this combination to use the encryption key to encrypt and decrypt the communications between the cellular telephone and HLR, including the generated password. This would have been obvious because the ordinary person skilled in the art would have been motivated to protect the communications from being intercepted during transmission.

Regarding claim 5, Mills and Lamport disclosed that the shared unpredictable secret (New Encryption Key) is generated by a generator from a group comprising a random number generator and a pseudo-random number generator (See Mills Col. 7 Paragraph 3).

Regarding claim 6, Mills and Lamport disclosed that the shared unpredictable secret comprises an unpredictable component and a fixed component (See Mills Col. 7 Paragraph 3).

Regarding claim 7, Mills and Lamport disclosed that a plurality of client devices desire to be validated by the server device; and each client device has a unique unpredictable secret that it shares with the server device (See Mills Abstract).

Regarding claim 8, Mills and Lamport disclosed that following a validation of the client device, the server device discards the shared unpredictable secret and stores within the server device the new shared unpredictable secret that can be generated by applying the update data to the shared unpredictable secret (See Mills Col. 7 Paragraph 3).

Regarding claim 10, Mills and Lamport disclosed that the server device generates the update data using a generator from a group comprising a random number generator and a pseudo-random number generator (See Mills Col. 6 Paragraph 2); and the step of applying the update data to the shared unpredictable secret comprises computing a one-way function of a combination of the shared unpredictable secret and the update data (See Mills Col. 7 Paragraph 3).

Regarding claim 11, Mills and Lamport disclosed that the client device sends acknowledgement data to the server device to confirm that the client device has replaced the shared unpredictable secret with the new secret (See Mills Col. 7 Paragraph 3).

Regarding claim 13, Mills and Lamport disclosed that the client device sends to the server device proof data demonstrating that the client device holds the correct secret (See the rejection of claim 1 above and Lamport Page 771 Col. 1); and the server device is adapted to accept from the client device any proof data that are generated from a secret that is newer than the secret for which the most recent acknowledgment data have been received by the server device (See the rejection of claim 1 above and Lamport Page 771 Col. 1).

Regarding claim 14 and 15, Mills and Lamport disclosed that the client device sends to the server device both the acknowledgment data and proof data derived from the new secret (See the rejection of claim 1 above).

Regarding claim 16, Mills and Lamport disclosed that the client device presents proof data to the server device, wherein the proof data are derived from the shared unpredictable secret using a proof data generation algorithm, and the proof data do not divulge the shared unpredictable secret; the server device checks the proof data by using a proof data generation algorithm consistent with the proof data generation algorithm used by the client device; and when the server device determines that the proof data presented by the client device were not generated from the shared unpredictable secret that is stored in both the client device and in the server device, the server device does not validate the client device (See the rejection of claim 1 above and Lamport Page 771 Col. 1).

Regarding claim 17, Mills and Lamport disclosed that the proof data generation algorithm is a one way function (See Lamport Page 771 Col. 1).

Claims 2-4 are rejected under 35 U.S.C. 103(a) as being unpatentable over Mills and Lamport as applied to claim 1 above, and further in view of Sheymov et al. (Patent Application Publication 2001/0048745) hereinafter referred to as Sheymov.

Mills and Lamport disclosed updating a shared unpredictable secret (See the rejection of claim 1 above), but failed to disclose how the initial shared unpredictable secret was acquired, or specifically that an initial shared unpredictable secret is determined in the client device and in the server device during a registration step that occurs prior to a log-in step, or that the registration step entails more checking of authentication data presented by the client device than does the log-in step, or that during the registration step, the client device is required to make a payment to a user device.

Sheymov teaches that at the time of purchase, a user may be required to respond to screening data in order to enhance security of initialization, and that during the initialization an encryption key could be assigned to the phone (See Sheymov Paragraph 0027).

It would have been obvious to the ordinary person skilled in the art at the time of invention to employ the teachings of Sheymov in the phone system of Mills and Lamport by having a user respond to screening data at the time of purchase, and that the initial encryption key be stored in the phone and server during initialization of the phone. This would have been obvious because the ordinary person skilled in the art at the time of invention would have been motivated to provide the phone and server with initial encryption keys, as well as ensure the security of the initialization.
Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over Mills and Lamport as applied to claim 11 above, and further in view of Brinkmeyer et al. (US Patent Number 5,940,007) hereinafter referred to as Brinkmeyer.

Mills and Lamport disclosed receiving acknowledgement data from the client device which validates the client device (See Mills Col. 7 Paragraph 3), but failed to disclose the server discarding the shared predictable secret and storing the new shared unpredictable secret in response to receiving the acknowledgment data.

Brinkmeyer teaches that in a system for updating keys, in order to prevent the situation where the key is updated in only one of two devices, a first device should store the key and send an acknowledgement to the second device, which will erase the previous key and replace it with the new key only upon receipt of the acknowledgment (See Brinkmeyer Col. 7 Paragraphs 2-3).

It would have been obvious to the ordinary person skilled in the art at the time of invention to employ the teachings of Brinkmeyer in the key updating system of Mills and Lamport by the HLR erasing the previous key and replacing it with the new key only upon receipt of the acknowledgment from the cellular phone. This would have been obvious because the ordinary person skilled in the art would have been motivated to prevent the situation where the HLR updated the key but the cellular telephone did not replace the key.

Conclusion

Claims 1-8, and 10-19 have been rejected and claim 9 has been cancelled.

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Matthew T. Henning whose telephone number is (571) 272-3790. The examiner can normally be reached on M-F 8-4.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).






/Matthew Henning/ 
Patent Examiner 
Art Unit 2131 
5/17/2007 